Here’s why you shouldn’t download this JPEG of Taylor Swift

December 20, 2019December 20, 2019 Alan Cross 3 Comments

If you’re a Taylor Swift fan, you might want to hold off downloading any new images of her.

Mining cryptocurrency takes a lot of distributed computing power. To achieve the scale necessary, you can (a) invest a lot of money in building banks of servers (and the electricity it takes to run them) or (b) co-opt other people’s machines by turning them into mining zombies.

A crytocurrency-mining botnet that goes by the name MyKingz, Smoinru, DarkCloud, and Hexman is using a technique called steganography to infect personal computers with malware. Basically, malicious files are hidden inside legitimate ones. Once on your machine, the malware gets installed.

One of the files this group is using is a .jpeg of Taylor Swift. There’s a little .exe file lurking within the image, which runs the moment the image lands on a machine.

This is apparently the image in question (Don’t worry: This is an image of an image of an image. The .exe is not here.)

According to TNW, more than half a million Windows systems have been infected resulting in the creating of more than US$2.3 million worth of crypto called Monero.

3 thoughts on “Here’s why you shouldn’t download this JPEG of Taylor Swift”

Eugene Archibald

December 22, 2019 at 8:46 pm

This is entirely false and you should take it down.

This is not at all how this works.
- Alan Cross
  Post author
  
  December 23, 2019 at 7:48 am
  
  Explain. Did you follow the link to the original article?
- markosaar
  
  December 24, 2019 at 9:15 am
  
  My first reaction was that this is BS, but I remembered there historically was a vulnerability in the library (GDI) that Windows uses to display images … iirc it was over ten years ago at this point.
  
  While trying to Google it though, I stumbled across an apparent modern version of the same thing: https://fortiguard.com/encyclopedia/endpoint-vuln/56005